Your single source for new lessons on legal technology, e-discovery, and the people innovating behind the scenes.

Where Security Broke Down: 5 Factors that Drove Risk in 2021 and What You Can Do About It

Dylan Salisbury

2021 was a very trying year for corporate cybersecurity teams. The stakes continued to rise as new threats were popping up at every turn. According to IBM’s Cost of a Data Breach Report, the average cost of a data breach was up in 2021 by 10 percent to the tune of $4.24 million, an all-time high. Meanwhile, corporate cyberattacks increased by a record 50 percent in 2021 according to Check Point Research’s (CPR) 2022 Security Report.

These rising threats are yet another burden on organizations that are already struggling to adapt to new ways of working, new technology, and a rapidly changing world. Innovation in the realm of digital security leaves no room for a “fail fast” mentality. The stakes are simply too high. When a cyberattack happens, the cost to your company will be widespread and unpredictable—from millions of dollars in fines and expenses to long-lasting reputational damage.

To help ensure your company stays out of the headlines, it’s important to understand the factors driving these growing threats. Identifying the causes of these vulnerabilities can help corporations identify weak points within their environments.

What factors contributed to this rising tide of security woes in 2021?

Impact of remote work

As more companies deepened their remote work practices and adjusted to new ways of working, security protocols have not always been adapted or not adhered to as stringently by employees. Compliance may become lax, bad habits become reinforced, and new at-home equipment may even enable employees to circumvent security protocols entirely. Home routers and gaming continue to be two heavily attacked platforms. Many of these are completely outside corporate control, but a compromised employee home means that the business is at risk of data theft, business email compromise, and other infections. This changing environment may even contribute to employee vulnerability to phishing attacks and social engineering as the work environment has dramatically changed—things that two years ago would have been obviously out of the ordinary are less clear and more confusing for some employees.

A rushed approach to cloud migration

As many organizations are making shifts to cloud models for more and more facets of their business, the burden on in-house IT and security teams gets heavier. Running a protracted process of a hybrid cloud migration can involve maintaining the oversight of both known on-premises systems and new cloud instances, forcing teams to manage security in multiple places while becoming familiar with new tools and processes for securing an unfamiliar cloud environment.

Supply chain adjustments

As supply chain disruptions rippled through the economy, many corporations had to scramble to align with new suppliers, while their suppliers had to align with new suppliers of their own. An affected supplier, at any point within your supply chain, can directly impact your company. These new and untested relationships can leave organizations’ data vulnerable to exposure, and the security posture of your new and current vendors or partners may put your organization at an unreasonable level of risk. 


Late last year, cybersecurity news sites reported a critical vulnerability associated with Log4j, a Java library used by almost all major Java-based enterprise apps and servers. As this vulnerability was both easily and remotely exploitable, security and IT teams had to quickly determine if they were vulnerable. This vulnerability potentially affected hundreds of millions of systems and can be exploited to allow malicious actors to instruct a system to download malware, ransomware, or bitcoin mining programs. The flaw was easily remedied by a simple software update, but due to the ubiquity of the vulnerability and the simplicity with which it could be exploited, it likely contributed to a host of security breaches.

Increased frequency and ferocity of ransomware attacks

Ransomware is ever evolving. Organizations are usually targeted through phishing or social engineering by actors from anywhere across the world. Once a system is compromised, malicious actors can deploy ransomware to encrypt files. They can demand payment in exchange for the decryption keys, and if no payment is received, actors will threaten to publicly release the stolen data. Malicious actors are exploiting the increase in remote work and lowered level of vigilance to monetize their actions. According to The Harvard Business Review, the amount paid out by victims of ransomware increased by 300 percent  in 2020.

How can you improve your security posture and minimize risk?

Button up the basics

It might seem elementary, but a great place to start is to perform a basic assessment of your data, security measures, and incident response plans. Audit who has access to your data and identify any potential high-risk or disgruntled employees who might be prone to exploitation. Maintain visibility into where your data resides and who has access to it. Assess the security posture of your key vendors and partners. Identify instances where employees may be transferring data from company laptops to external resources and come up with ways to reduce or eliminate these activities. Ensure your organization is using multi-factor authentication and regularly revisits employee training on phishing and threat identification.

Keep scalability and adaptable as key priorities

Having to re-architect systems and processes to stay ahead of the latest threats and vulnerabilities puts security teams in constant firefighting mode, which isn’t sustainable in the long run. Solutions should be automatically updatable and improvable across an enterprise without disrupting other systems or processes.

Adopt modern approaches

The adoption of AI, security analytics, and encryption were the top three mitigating factors shown to reduce the cost of a breach, saving companies between $1.25 million and $1.49 million compared to those who did not have significant usage of these tools, according to IBM. Companies with no security AI and automation averaged a hefty cost of $6.71 million per breach, whereas an organization with a fully deployed system saw costs averaging $2.9 million. The IBM report indicates that using an AI platform was a leading factor in mitigating costs, with an average cost difference of $1.49 million.

Shift from a reactive security position to a proactive threat monitoring approach

While a reactive security posture is important, your security team should prioritize active threat monitoring and prevention. This goes beyond performing vulnerability assessments—it includes mitigating those threats, monitoring the latest global security threats, and implementing mitigations to neutralize those threats.

Take stock of your security resource allocations

As threats get more sophisticated, the time and resource investments required to maintain and improve security procedures becomes more expensive and demanding. The costs of cyber insurance have been skyrocketing as well, and the latest round of exclusions due to "acts of war" are even causing claims not to be paid. Cyber insurance alone is not a solution and is not interchangeable with a robust security posture. Applying several piecemeal solutions for wide array of vulnerabilities is simply not sustainable for the long run—In fact, having multiple security solutions can even increase risk as it can contribute to confusion and result in vulnerabilities being missed. Limited resources must be applied in the most strategic, thoughtful, and cost-effective ways possible. That can often mean bringing in dedicated experts to help.

Seek out expert help

No one team can keep a company completely secure on their own—it requires insight from a community of global security experts. This demands deep investment of resources and talent and round-the-clock monitoring. By leveraging outside expertise, you can shift the risk mitigation efforts from your IT and security resources to focus on efforts more central to your business.

How Relativity Trust can help

Relativity takes every precaution to protect your information in a secure and performant way. With advanced threat prevention, automated detection and response processes, a heavy investment in compliance, and transparency, organizations have a clear picture of how their data is protected and a SaaS technology provider to help them reduce risk.

2021 Data Discovery Legal Year in Review

Dylan Salisbury is a product marketing manager at Relativity, where he specializes in understanding and serving the corporate community.